From 137e819f19e50f84f6c44bc42dff2b6b69f14d6a Mon Sep 17 00:00:00 2001 From: Florent Bruneau Date: Sun, 16 Sep 2007 12:05:18 +0200 Subject: [PATCH] Close #711: Fix advanced search when autocompletion is not explicitly validated by the user before launching the search Signed-off-by: Florent Bruneau --- ChangeLog | 5 ++++- include/userset.inc.php | 4 ++-- modules/search.php | 20 ++++++++++++++++++++ modules/search/classes.inc.php | 11 ++++++++++- modules/search/search.inc.php | 2 +- 5 files changed, 37 insertions(+), 5 deletions(-) diff --git a/ChangeLog b/ChangeLog index 2540e3b..108e2f6 100644 --- a/ChangeLog +++ b/ChangeLog @@ -43,7 +43,7 @@ Bug/Wish: - #710: Adding grade do not degrade the database -FRU * Search: - - Fix DOS on too large quick searches -FRU + - #711: Fix search when autocompletion is not explicitly validated -FRU * Xnet: - #694: Color of 'Promotion' groups -ALK @@ -62,6 +62,9 @@ From 0.9.14 branch: * Payment: - #662: Fix the attribution of the payments -BOB + * Search: + - Fix DOS on too large quick searches -FRU + * XnetEvents: - #684: Fix the list of coming members -FRU diff --git a/include/userset.inc.php b/include/userset.inc.php index 8789ea9..a0f72b1 100644 --- a/include/userset.inc.php +++ b/include/userset.inc.php @@ -118,8 +118,8 @@ class SearchSet extends UserSet if ($fields->too_large()) { new ThrowError('Recherche trop générale.'); } - parent::__construct($join . ' ' . $fields->get_select_statement(), - $where . ' ' . $fields->get_where_statement()); + parent::__construct(@$join . ' ' . $fields->get_select_statement(), + @$where . ' ' . $fields->get_where_statement()); $this->order = implode(',',array_filter(array($fields->get_order_statement(), 'promo DESC, NomSortKey, prenom'))); } diff --git a/modules/search.php b/modules/search.php index 46c7850..ddbd700 100644 --- a/modules/search.php +++ b/modules/search.php 
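Review bot: In the include/userset.inc.php hunk, prefixing `$join` and `$where` with `@` only silences the undefined-variable notice; it does not say what those SQL fragments should be when nothing assigned them. Both values are concatenated straight into the statements handed to `parent::__construct`, so a silently empty fragment can hide a logic error in the branch that was supposed to build it. Initialising them once, for example `$join = $where = '';` before the code that may set them, and dropping the `@` would make the intent explicit. The SearchSet constructor starts outside this hunk, so where the two variables are assigned cannot be checked from here.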
@@ -160,6 +160,26 @@ class SearchModule extends PLModule
 if (!Env::has('rechercher') && $action != 'geoloc') {
 $this->form_prepare();
 } else {
+ $textFields = array(
+ 'country' => array('field' => 'a2', 'table' => 'geoloc_pays', 'text' => 'pays', 'exact' => false),
+ 'fonction' => array('field' => 'id', 'table' => 'fonctions_def', 'text' => 'fonction_fr', 'exact' => true),
+ 'secteur' => array('field' => 'id', 'table' => 'emploi_secteur', 'text' => 'label', 'exact' => false),
+ 'nationalite' => array('field' => 'a2', 'table' => 'geoloc_pays', 'text' => 'nat', 'exact' => 'false'),
+ 'binet' => array('field' => 'id', 'table' => 'binets_def', 'text' => 'text', 'exact' => false),
+ 'groupex' => array('field' => 'id', 'table' => 'groupesx_def', 'text' => 'text', 'exact' => false),
+ 'section' => array('field' => 'id', 'table' => 'sections', 'text' => 'text', 'exact' => false),
+ 'school' => array('field' => 'id', 'table' => 'applis_def', 'text' => 'text', 'exact' => false)
+ );
+ foreach ($textFields as $field=>&$query) {
+ if (!Env::v($field) && Env::v($field . 'Txt')) {
+ $res = XDB::query("SELECT {$query['field']}
+ FROM {$query['table']}
+ WHERE {$query['text']} " . ($query['exact'] ? " = {?}" : " LIKE CONCAT({?}, '%')"),
+ Env::v($field . 'Txt'));
+ $_REQUEST[$field] = $res->fetchOneCell();
+ }
+ }
+
 require_once 'userset.inc.php';
 $view = new SearchSet(false, $action == 'geoloc' && substr($subaction, -3) == 'swf');
 $view->addMod('minifiche', 'Minifiches', true);
diff --git a/modules/search/classes.inc.php b/modules/search/classes.inc.php
index c682e1e..8a27101 100644
--- a/modules/search/classes.inc.php
+++ b/modules/search/classes.inc.php
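Review bot: In the `$textFields` table of the modules/search.php hunk, the `nationalite` entry has `'exact' => 'false'`, a non-empty string that PHP evaluates as true, so `$query['exact'] ? ...` selects the `= {?}` branch and the nationality text is matched exactly instead of by prefix as for `country`; it should read `'exact' => false`. The loop iterates with `=>&$query` although `$query` is never written, which leaves a dangling reference to the last element once the loop ends; `foreach ($textFields as $field => $query)` is sufficient. The user's text is bound through `{?}`, but in the LIKE branch any `%` or `_` it contains still acts as a wildcard, and `fetchOneCell()` takes whichever row the database returns first when several match. A short comment above the query saying that an ambiguous or unmatched text silently resolves to one id, or to none, written back into `$_REQUEST[$field]`, would make that behaviour visible to the next maintainer.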
@@ -473,7 +473,16 @@ class RefSField extends SField return false; } $res = implode(' OR ', array_filter(array_map(array($this, 'get_single_match_statement'), $this->fieldDbName))); - return "INNER JOIN {$this->refTable} AS {$this->refAlias} ON ({$this->refCondition} AND ($res) )"; + if (is_array($this->refTable)) { + foreach ($this->refTable as $i => $refT) + $last = $i; + $inner = ""; + foreach ($this->refTable as $i => $refT) + $inner .= " INNER JOIN {$refT} AS {$this->refAlias[$i]} ON ({$this->refCondition[$i]} ".(($i == $last)?"AND ($res) ":"").")\n"; + return $inner; + } else { + return "INNER JOIN {$this->refTable} AS {$this->refAlias} ON ({$this->refCondition} AND ($res) )"; + } } // }}} diff --git a/modules/search/search.inc.php b/modules/search/search.inc.php index dab3017..db8eb70 100644 --- a/modules/search/search.inc.php +++ b/modules/search/search.inc.php @@ -50,7 +50,7 @@ function advancedSearchFromInput() $entrepriseField = new RefSField('entreprise',array('ee.entreprise'),'entreprises','ee','u.user_id=ee.uid',false); $posteField = new RefSField('poste',array('ep.poste'),'entreprises','ep','u.user_id=ep.uid', false); - $fonctionField = new RefSField('fonction',array('en.fonction'),'entreprises','en','u.user_id=en.uid'); + $fonctionField = new RefSField('fonction',array('en.fonction'),'entreprises','en','u.user_id=en.uid'); $secteurField = new RefSField('secteur',array('fm.secteur'),'entreprises','fm','u.user_id=fm.uid'); $cvField = new RefSField('cv',array('u.cv'),'','','',false); -- 2.1.4
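Review bot: The new array branch in modules/search/classes.inc.php assumes `$this->refTable`, `$this->refAlias` and `$this->refCondition` are arrays sharing the same keys, and nothing in the hunk checks it; a missing key would presumably interpolate an empty alias or condition into the JOIN text, and an empty `refTable` array leaves `$last` unset and returns an empty string. The first loop exists only to find the last key and can be replaced by `$keys = array_keys($this->refTable); $last = end($keys);`, and the remaining brace-less `foreach` would be easier to read with braces around its single long statement. The enclosing method starts outside the hunk; its doc comment should state that the three properties must be either all scalars or parallel arrays, and that the `($res)` match condition is attached to the last join only.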